Monitoring Officers must ensure good governance over data and social media, writes David Kitson.
In our increasingly internet and technology driven times, Monitoring Officers have a duty to ensure that councils have strong standards of governance and clearly defined processes and policies over the information and data that they hold and disclose, including through social media.
Social media in particular can be a challenging area. It remains in many respects an unregulated (even lawless) arena, with an abundance of those who are all too ‘trigger happy’. Content posted on social media has the potential to reach a much wider audience than ever before, (potentially worldwide) rather than being confined to the locality in which the content originated. This means that content can have a much more significant impact, with some degree of permanence.
It is becoming increasingly common for standards complaints to be made on the basis of comments councillors have made on social media. As section 27(1) of the Localism Act 2011 (LA) places a positive duty on councils to promote and maintain high standards of conduct of members (and officers), Councils must seek to do so where their members use social media.
Section 27(2) of the LA states that the Code of Conduct applies when members are acting in their official capacity. This can present significant grey areas in the context of social media, where the line between acting officially or in a private capacity can be a difficult one to draw. Often the councillor will state that they were posting in a private capacity, whereas the complainant will state the opposite.
Some councils seek to go further and expressly state that their Codes apply when a councillor is purporting to act or giving the impression of acting in their official capacity, which can present its own problems in interpreting and assessing complaints.
In January 2019 the Committee on Standards in Public Life published their report ‘Local Government Ethical Standards – A Review by the Committee on Standards in Public Life’. In this, councillors’ use of social media is recognised as being a cause for concern, with a recommendation that there be a rebuttable presumption that when posting on social media they are acting in an official capacity. The report also highlights the importance of guidance for councillors on the use of social media, as well as effective monitoring by councils. The use of social media to attack and harass councillors is also raised within the report.
As a result, Monitoring Officers need to satisfy themselves that Members are fully informed about the appropriate use of social media, and the potential consequences of their posts – this is particularly so where those Members are expressing a clear view as to how they will vote on a particular item of business.
Data governance in the GDPR era
However, issues presented by the digital age are by no means confined to social media. With the introduction of the GDPR last year, and the Data Protection Act 2018 (DPA), all organisations are now operating in an environment of heightened awareness of information privacy rights. The Information Commissioner has very recently issued two notices of intent to fine under the new legislation, the first of these concerning a fine for British Airways of £183.39m, and the second concerning a fine for Marriott International of £99m. If the scale of these proposed fines does not focus the minds of councils – and Monitoring Officers - on the importance of getting data protection right, then little else will.
Councils process significant amounts of personal data on a daily basis, and it is imperative to the successful delivery of services that this is done securely and in compliance with the GDPR and the DPA. However, an update update published by the ICO one year on from the introduction of the GDPR highlighted that local government accounted for one of the highest proportions of the 14,000 data breaches reported; at 8%. Local government was one of only two sectors that the ICO highlighted in relation to data breaches.
The ICO also revealed that it had received 41,000 complaints from the public since GDPR was introduced, 38% of which related to the handling of subject access requests. It further disclosed that nearly one in ten of these complaints related to local government.
Monitoring Officer responsibility
Monitoring Officers have a strong leadership role to play in ensuring that clear policies and processes are in place concerning both information and data governance and the use of social media in all aspects of Council business and operations, as well as regular training for both councillors and officers to consolidate understanding. Dealing with potential issues on a reactive basis will often be too late to avoid serious breaches of legislation, duties of confidence and significant damage to reputation: Monitoring Officers need to be proactive.